[PATCH libdrm 1/3] amdgpu: Don't dereference device_handle after amdgpu_device_deinitialize

michel@xxxxxxxxxxx (Michel Dänzer) · Wed, 17 Jan 2018 12:24:43 +0100

From: Michel DÃ¤nzer <michel.daenzer@xxxxxxx>

Fixes use after free:

==2537== Invalid read of size 4
==2537==    at 0x1162C9: suite_deadlock_tests_enable (deadlock_tests.c:101)
==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
==2537==    by 0x10B157: main (amdgpu_test.c:560)
==2537==  Address 0x5e44f24 is 452 bytes inside a block of size 1,016 free'd
==2537==    at 0x4C2BE1B: free (vg_replace_malloc.c:530)
==2537==    by 0x504CD8B: amdgpu_device_reference (amdgpu_device.c:164)
==2537==    by 0x504CD8B: amdgpu_device_deinitialize (amdgpu_device.c:307)
==2537==    by 0x1162BB: suite_deadlock_tests_enable (deadlock_tests.c:97)
==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
==2537==    by 0x10B157: main (amdgpu_test.c:560)
==2537==  Block was alloc'd at
==2537==    at 0x4C2CC05: calloc (vg_replace_malloc.c:711)
==2537==    by 0x504CA5E: amdgpu_device_initialize (amdgpu_device.c:212)
==2537==    by 0x116298: suite_deadlock_tests_enable (deadlock_tests.c:93)
==2537==    by 0x10B157: amdgpu_disable_suits (amdgpu_test.c:421)
==2537==    by 0x10B157: main (amdgpu_test.c:560)

Signed-off-by: Michel DÃ¤nzer <michel.daenzer at amd.com>
---
 tests/amdgpu/deadlock_tests.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/tests/amdgpu/deadlock_tests.c b/tests/amdgpu/deadlock_tests.c
index 84f4debe..cd34cdf6 100644
--- a/tests/amdgpu/deadlock_tests.c
+++ b/tests/amdgpu/deadlock_tests.c
@@ -90,20 +90,21 @@ static void amdgpu_deadlock_compute(void);
 
 CU_BOOL suite_deadlock_tests_enable(void)
 {
+	CU_BOOL enable = CU_TRUE;
+
 	if (amdgpu_device_initialize(drm_amdgpu[0], &major_version,
 					     &minor_version, &device_handle))
 		return CU_FALSE;
 
-	if (amdgpu_device_deinitialize(device_handle))
-		return CU_FALSE;
-
-
 	if (device_handle->info.family_id == AMDGPU_FAMILY_AI) {
 		printf("\n\nCurrently hangs the CP on this ASIC, deadlock suite disabled\n");
-		return CU_FALSE;
+		enable = CU_FALSE;
 	}
 
-	return CU_TRUE;
+	if (amdgpu_device_deinitialize(device_handle))
+		return CU_FALSE;
+
+	return enable;
 }
 
 int suite_deadlock_tests_init(void)
-- 
2.15.1






